WHAT IS CLAIMED IS:

1. A method for extracting a verification model from program source code comprising the steps of:

generating a parse tree defining a control flow from the source code;

identifying source code elements;

from the parse tree, generating source strings for selected ones of the source code elements;

defining corresponding default conversions for translating the source strings into a target language of a model checker; and

generating a verification model in the target language, wherein the verification model conforms to the control flow and to the corresponding default conversions for the selected ones of the source code elements.

2. The method of claim 1 comprising the further steps of:

optionally searching a conversion table for an entry associated with at least one of the source strings, the entry including a translation for the at least one of the source strings; and

substituting the translation for the corresponding default conversion for the at least one of the source strings, wherein the verification model further conforms to the translation.

3. The method of claim 1 wherein the source code elements include basic statements and boolean conditionals.

4. The method of claim 1 wherein the generating of source text strings includes the further step of expressing the source text strings in a canonical form.

5. The method of claim 1 wherein specifics of the corresponding default conversions can depend on a usage of the selected ones of the source code elements.

6. The method of claim 2 wherein the conversion table further includes samples of source strings.

7. The method of claim 2 wherein the conversion table further includes classes of source strings.

8. The method of claim 6 wherein the searching of the conversion table includes the step of pattern matching the at least one of the source strings to the samples of source strings.

9. The method of claim 7 wherein the searching of the conversion table includes the step of pattern matching the at least one of the source strings to the classes of source strings.

10. The method of claim 1 wherein the corresponding default conversions causes the translating of the source strings to respective equivalent statements in the target language when the selected ones of the source code elements are fully relevant to a property to be tested, the translating of the source strings to nul statements in the target language when the selected ones of the source code elements are irrelevant to the property to be tested, and the translating of the source strings to preservation statements in the target language when the selected ones of the source code elements are partially relevant to the property to be tested, preservation statements being statements that preserve a relevant part of the source strings and that suppress an irrelevant part of the source strings.

11. The method of claim 2 wherein the generating a verification model step includes the further step of translating ones of the source strings to a non-deterministic choice of possible outcomes.

12. The method of claim 2 wherein the generating a verification model step includes the step of populating the control flow with the translated source strings.

13. The method of claim 1 wherein the default conversion includes a keep, the keep causing the generating of a verification model step to provide an equivalent statement in the target language.

14. The method of claim 1 wherein the default conversion comprises a hide, the hide causing the generating of a verification model step to provide a nul statement in the target language.

15. The method of claim 1 wherein the default conversion comprises a print, the print causing the generating of a verification model step to embed the respective source strings in a print statement in the target language.

16. The method of claim 2 comprising the further step of simplifying the parse tree according to the translated source strings.

17. The method of claim 16 wherein the simplifying step includes the steps of:

removing nodes corresponding to nul statements;

removing nodes successive to false nodes; and

skipping selected nodes mapped to true.

18. The method of claim 3 comprising the further steps of:

collecting certain data object information for nodes in the parse tree corresponding to basic statements in the source code, the certain data object information including definition information and use information;

constructing a data dependency graph for the source code based upon the collected data object information, the data dependency graph having data dependency graph nodes corresponding to a data object, the data dependency graph having directed edges from first data dependency graph nodes to successive data dependency graph nodes if the successive data dependency graph nodes are used at least once in a definition of the first data dependency graph nodes;

determining a transitive closure for the data dependency graph dependency relation;

adding edges to the data dependency graph according to the transitive closure, the adding step providing a second data dependency graph;

for nodes corresponding to basic statements in the source code having translations other than hide or print, marking second data dependency graph data objects with identifiers corresponding to the definition information and the use information;

for nodes corresponding to basic statements in the source code having a hide translation, marking second data dependency graph data objects with a hide identifier; and

checking the second data dependency graph data objects for identifiers and the hide identifier.

19. A method for verifying that a software based system satisfies certain properties, the software based system having a source code, comprising the steps of:

extracting a finite state model from the source code, the extracting step including the steps of:

abstracting the source code statements based upon relevancies between the certain properties and the source code statements; and

expressing the finite state model in an input language for a model checker; and

checking the finite state model for the certain properties in the model checker.

20. A system for verifying that a system satisfies certain properties, the system having a source code, comprising:

a model extractor operable to extract a finite state model from the source code, the model extractor implementing default conversions for translating selected source code elements and including:

a table of translations for translating other selected source code elements based upon defined abstractions, and

a translator responsive to the translations of the selected source code elements and the other selected source code elements for expressing the finite state model in an input language for a model checker, and

a model checker responsive to the certain properties and the finite state model for checking the finite state model for the certain properties.

21. The system of claim 20 wherein the model extractor further includes a parser for constructing a parse tree from the source code, wherein the translator translates source strings generated from the parse tree.

22. The system of claim 21 wherein the model extractor further operates to provide a control flow from the parse tree and to populate the control flow with translated source strings.

23. A method for extracting a verification model from source code having a control flow, 
comprising the steps of: 

generating selected source strings from the source code; 

translating ones of the selected source strings to corresponding target language statements 
according to default conversions; 

optionally searching a conversion table for entries associated with the selected source strings, the conversion table including a plurality of translations associated with various ones of the source strings;

translating other ones of the selected source strings to corresponding target language 
statements according to the entries; and 

populating the control flow with the target language statements. 
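
The table-driven translation recited in claims 1, 2, 13 to 15 and 17, as an added Python illustration that is not part of the patent text. The function names, the Promela-like target syntax (`skip`, `printf`), the use of regular expressions for classes of source strings, the straight-line control flow, and `print` as the fallback default are all assumptions of this sketch.

```python
import re

# Default conversions of claims 13-15; target syntax is an assumption.
DEFAULTS = {
    "keep": lambda s: s,                          # equivalent statement
    "hide": lambda s: "skip",                     # nul statement
    "print": lambda s: 'printf("%s\\n")' % s.replace('"', '\\"'),
}

def canonical(src):
    """Assumed canonical form (claim 4): one space between tokens, no ';'."""
    return re.sub(r"\s+", " ", src.strip().rstrip(";")).strip()

def translate(src, table, default="print"):
    """Claim 2: a matching table entry overrides the default conversion."""
    s = canonical(src)
    for pattern, translation in table:            # pattern = class of strings
        if re.fullmatch(pattern, s):
            convert = DEFAULTS.get(translation)
            return convert(s) if convert else translation
    return DEFAULTS[default](s)

def extract(statements, table, default="print"):
    """Populate a straight-line control flow, then simplify as in claim 17."""
    model = []
    for src in statements:
        stmt = translate(src, table, default)
        if stmt in ("skip", "true"):              # drop nul nodes, skip true
            continue
        model.append(stmt)
        if stmt == "false":                       # successors are unreachable
            break
    return model

# Constructed sample input: C-like source strings and a conversion table.
SOURCE = [
    'log_event( LOG_INFO,  "start" );',
    "lock_held = 1;",
    "debug_enabled",
    "counter = counter + 1;",
    "lock_held = 0;",
    "abort_path()",
    "cleanup();",
]
TABLE = [
    (r"lock_held = [01]", "keep"), (r"log_event\(.*\)", "hide"),
    (r"debug_enabled", "true"), (r"abort_path\(\)", "false"),
]
```

Calling `extract(SOURCE, TABLE)` keeps only the lock updates verbatim, turns the unmatched counter update into a print statement, and stops at the node mapped to false.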